jb_append_string(js, "ack_unseen_data");
if (p->tcpvars.stream_pkt_flags & STREAM_PKT_FLAG_TCP_PORT_REUSE)
jb_append_string(js, "tcp_port_reuse");
+ if (p->tcpvars.stream_pkt_flags & STREAM_PKT_FLAG_TCP_ZERO_WIN_PROBE)
+ jb_append_string(js, "zero_window_probe");
jb_close(js);
}
jb_close(js);
#define STREAM_PKT_FLAG_DSACK BIT_U16(8)
#define STREAM_PKT_FLAG_ACK_UNSEEN_DATA BIT_U16(9)
#define STREAM_PKT_FLAG_TCP_PORT_REUSE BIT_U16(10)
+#define STREAM_PKT_FLAG_TCP_ZERO_WIN_PROBE BIT_U16(11)
#define STREAM_PKT_FLAG_SET(p, f) (p)->tcpvars.stream_pkt_flags |= (f)
if (p->payload_len == 1 && TCP_GET_SEQ(p) == ssn->client.next_seq && ssn->client.window == 0) {
SCLogDebug("ssn %p: zero window probe", ssn);
zerowindowprobe = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_TCP_ZERO_WIN_PROBE);
} else if (SEQ_GEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_seq)) {
StreamTcpUpdateNextSeq(ssn, &ssn->client, (TCP_GET_SEQ(p) + p->payload_len));
if (p->payload_len == 1 && TCP_GET_SEQ(p) == ssn->server.next_seq && ssn->server.window == 0) {
SCLogDebug("ssn %p: zero window probe", ssn);
zerowindowprobe = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_TCP_ZERO_WIN_PROBE);
} else if (SEQ_GEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_seq)) {
StreamTcpUpdateNextSeq(ssn, &ssn->server, (TCP_GET_SEQ(p) + p->payload_len));
projects / thirdparty / suricata.git / commitdiff
